Re: [PATCH 0/3] New system call, unshare

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



[email protected] wrote:
Quoting Florian Weimer ([email protected]):

* Janak Desai:


With unshare, namespace setup can be done using PAM session
management functions without patching individual commands.

I don't think it's a good idea to use security-critical code well


Note that this patch is not removing the CAP_SYS_ADMIN requirement,
just allowing the operation to happen outside of clone().  Unlike
domain transitions in selinux, which should be tied to exec() so
as to tie them to known code, I don't see what clone() would provide
in terms of safety which we are losing.


without its original specification.  Clearly the current situation
sucks, but this is mainly a lack of PAM functionality, IMHO.


I'm not sure this is to do with PAM functionality, rather than
just its design.  Is there a way of "fixing" pam so that we don't
need unshare()?


I have been trying to narrow down the problem since Alan's post
about using clone() instead of unshare. The problem comes down to
parent, on _exit(), clobbering controlling tty. I have tried, from
the child, to close and open the tty stored in PAM but that has
not helped.

-Janak

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]
  Powered by Linux